24 posts • joined 6 Feb 2008
Re: "It's an expensive ask..." but necessary
@Trevor I think your analysis is very fair. I'm glad you're talking to Synology and hope you get them to refocus on security. I've seen them extend a lot of features. From a business perspective I can see the drive to keep up with competitors offering x, y and z.
The problem with enhancing security is that it doesn't really sell as an EXCITING feature - not until something goes wrong. Right now I'd pay Synology £100 for this problem to go away. Would I have paid that premium at the start of the year when I bought two Synology NASs? I honestly don't know... probably not. In that sense users like me are part of the problem. That's also why the people behind this attack will probably find it quite profitable.
"It's an expensive ask..." but necessary
It will be expensive for Synology to improve their security, but they found the money for the new GUI on DSM v5 which has received "mixed reactions" (to put it politely). Setting up non-standard port numbers etc, should be an easy task and part of the default setup. El Reg readers are probably happy going to the command line, but that's too hard for most people. Besides, many would make the (wrong) inference that if it mattered the option would be in the GUI.
Synology aren't just selling to IT professionals but to people who want Synology NAS as a "just works" commodity for their home office. Many here would say that's naive of the users. But all the emphasis on EZ-Connect etc indicates many Synology customers don't understand port forwarding etc. Synology needs to find a way of saving the average user from themselves and the risks of attaching all your data to the internet. BTW I'm not criticising ordinary users, I'm a psychologist not an IT professional. I've made my fair share of security screw-ups.
Re: Ok, shutdown... then what?
Good. However, it didn't show in my Facebook news feed. So perhaps more channels of communication wouldn't hurt. It's not like they don't have our addresses. This is urgent. The quicker people know, the more data will be saved.
BTW I'm not sure why you've inferred I don't like Facebook/Twitter - I use them both. And indeed have used them this morning to alert more people. They play a part in the dissemination of info, but Synology could go further.
Ok, shutdown... then what?
I have (sorry, had) more than one Synology server in different locations precisely for the purpose of having redundant backup and high availability. Everything offsite is now powered down. Onsite I've yanked the CAT6 until I sort the ports out.
There is a lot at stake for Synology as a company in terms of how quickly they a) communicate this to customers (I found out from El Reg, not Synology), and b) how fast they patch DSM 5 and 4.*. They will need to re-gain trust. Ideally an independent audit of their DSM software. But even simple measures like allowing users to easily change standard ports (and by "easily", I mean in the GUI) would be a help right now.
As I start thinking about how to improve my resilience, buying more Synology kit isn't exactly top of the list. If they'd put half the effort spent on the "pretty" new GUI for DSM5 into improving security then we probably wouldn't have this problem.
I have USB hard drive backups of most data. The rest are in Amazon Glacier. If I have to pull data out of Glacier because of this then Synology can expect to receive the bill.
Why is The Reg hostile to psychologists?
I've never understood The Reg's hostility to psychologists ("trick-cyclists"). It is true that some psychologists have published utter BS in journals that should have known better. You can cherry pick the BS to make an academic discipline appear highly suspect. Or you could be more balanced and call out the BS when it happens, but also appreciate the better quality research.
For example, many of the comments following the article criticising Kevin Warwick focus on cognitive development in children and brain structure. You'll find some of the "trick-cyclists" actually know quite a lot about those things.
Is psychology flawed? Yes, but that's largely because it has to understand the human mind, using human minds to do the research. That's no small challenge!
Disclosure: I am a psychologist, but also a geek (hence reading The Reg).
Not as local as I hoped
Seems good in principle and nice to have as an option. However I'm slightly surprised by how far my local Collect+ points are. I really hope it works and they end up with more outlets because my employers aren't keen on me getting parcels there and I live in the kind of apartment that is utterly impenetrable when it comes to deliveries :(
Skype cuts off nose?
AC: "Not quite sure what Skypes business plan is apart from to prevent as many of its users from using their service as possible."
Yep. I used to SkypeOut (i.e. paid for) using the Nimbuzz client. I'm not exactly going to top up my Skype account once the money runs out.
Why the swipe at psychology?
Why end an article about media representation of climate change with a swipe at psychology and business studies?
If you want to know *why* different media outlets are presenting 'the science' differently then some kind of social scientist might actually be the right person to ask.
Easier to use
For the average person LogMeIn is very easy to set up and use. My recollection is that it dealt with firewalls rather nicely.
But for the average Reg reader AC is right about ssh, vnc etc...
The Na'vi have a horrible time...
Pandora looked very pretty, so I understand why it might seem superficially appealing compared with the more mundane aspects of real life. But the Na'vi have a horrible time what with getting killed and having their special tree burnt down.
Floating mountains aside, we already live on a pretty cool planet. If what you learn from this badly scripted film is that you don't terribly like your life then do something about it. Not wishing to trivialise depression, but retreating into a fantasy world is only going to widen the gap between your life as you want to lead it and how you actually lead it. I'd try and focus on nice things that actually do exist on this planet.
Regular VM outages made me buy 3g
I don't know the annual rate of VM internet outages in my area, but enough of them are sufficiently inconvenient that I bought a 3g dongle as a (slow) backup.
What surprised me more was when my elderly parents lost their VM telephone line for around 24hrs. I think that was about the third time this year. They aren't very good with their mobile phone so I'm not confident they'd have been able to make a call if there were an emergency. (Given my father had a heart attack a month ago, it isn't a particularly far-fetched scenario.)
The VM status page doesn't seem particularly useful. Firstly some of their geographical areas are ambiguous and don't obviously map onto reality as I know it. Secondly it doesn't always seem to be updated, which must mean they have to handle more enquiries. If it said "Telephone outage in Town X, should be fixed by 5pm" I wouldn't have spent an hour trying to call them from my mobile.
Better linuxes, but poorer high street availability?
I bought one of the original linux Acer Aspire Ones from PC World. Getting a linux version was easy, but Linpus on the Acer was horrible. Even as a linux fanboi I just couldn't get on with it. Ubuntu NBR was a massive improvement.
I couldn't find any linux netbooks on the PC World website this morning. Anyone know which, if any, high street retailers offer linux netbooks? Seems a shame if just as we have better linuxes for netbooks, they vanish from the shops.
Chrome for Linux
Does this mean Google will finally release a version of Chrome for linux?
@ h 6
"I ended up spending most of my after school 300 baud online time at the local BBSs. For free. Fidonet anyone?"
Yeah, I was a fido sysop (2:440/308 IIRC). The nice thing was your local BBS could pre-process and compress (ARC, LZH, ZIP whatever...) your mail so you'd make maximum use of your online time. That was great for the UK where we paid BT by the minute (albeit only local rates).
Support for linux would be better, however it was nice to see them supply easy to follow instructions for setting up with Wine. It worked very smoothly for me with Ubuntu 8.04LTS and Wine v1.
I know everyone is laughing at the idea of kebabs being labelled, but manufacturers do actually label the kebab meat. That's how the kebab house knows what type of meat it is. So if the labels don't reflect the contents then you potentially end up with Muslims inadvertently eating/handling pork or non-halal meat.
They got greedy
I had an ebay shop which helped finance my PhD. Ebay's customer service was never good, but as time went by they eroded profit margins so badly that it ultimately became uneconomic for me and many other sellers. Time and time again they'd tell us fees were being reduced, but when you read the small print it only applied in incredibly limited circumstances. On a £5 sale I could end up paying them nearly £1.50 after listing fees, shop fees, selling fees and paypal fees.
It is sad really because some sellers were very good and there was, in the early days, a tremendous sense of good-will.
Is this a FOSS image problem?
Putting Karen aside, isn't the real story that FOSS is unfamiliar to many/most computer users?
For example I gave a colleague an Ubuntu CD to try out but they changed their minds after a helpful friend warned them that it must be pirated and full of viruses. Free (as in beer) arouses suspicion and free (as in speech) isn't commonly understood. Meanwhile malware and counterfeit or stolen software are quite familiar ideas.
I'm more worried about the NEXT emperor
Looking ahead the problem may be that the IWF eventually gets replaced or significantly reshaped - now that could be a good thing, but it could also be very bad. Given the current moral panic and stories like this...
...(admittedly in Australia not the UK, but part of the same hysteria) how confident do we feel that there won't be a knee jerk reaction and the introduction of more restrictive practices?
When I bought my linux AA1 from DSG they tried very hard to sell me Windows anti-virus software.
I can envisage the UK government attempting something similarly draconian, and they will get support for it on the basis of protecting children.
We don't normally do feminist gender theory on The Reg ;-) but it brings to mind Angela McRobbie's description of moral panic 'instill[ing] fear in people and [...] encouraging them to turn away from complexity [...] to adopt a gung-ho "something must be done about it" attitude'. In the midst of a moral panic rational discussion becomes impossible, and anyone querying censorship can be beaten over the head for supporting child pornography, terrorism or whatever.
We aren't a police state and saying that we are seriously underestimates what real oppression is. HOWEVER, there is something incredibly wrong with a supposedly liberal democracy introducing such sweeping powers of surveillance. Furthermore the government has profoundly misunderstood its relationship with the people - we control them, not the other way around. If there is probable cause to suspect a serious crime then, yes, by all means bring out the wiretaps and MI5 - but leave everyone else the hell alone.
I used to believe in the New Labour project. There was a point in time where, in contrast with Thatcherism, it seemed possible for a government to give a shit about people (e.g. minimum wage, equality legislation, civil partnerships, more money for NHS...). But it is hard to remember the good stuff compared with the avalanche of execrable bat shit crazy control freak reactionary bollocks. It's like someone read Foucault and decided to have a real panopticon, not just in a prison but actually out there monitoring all of us. Gah... I need a drink!
I run an Ebay business and agree there is a legitimate concern about sellers giving retaliatory -ve feedback. However buyer feedback is going to be meaningless under this new system. Why not simply give sellers access to relatively objective stats like the number of purchases made and the number of non-payment strikes against the seller?
IMHO the bigger story about the price changes has been obscured. There will be reductions for powersellers who get good feedback, unfortunately this is counterbalanced by a fee increase for non-powersellers no matter how good their feedback.